CSRF Guard 4.1.3 - Invalid session error when used with apache and weblogic server, particularly only on Browser Edge in IE 11 Mode #122
Closed
vikrantvij1
started this conversation in
General
Replies: 1 comment
-
|
Since Internet Explorer has reached End Of Life this summer, such issues are not considered a priority for CSRFGuard anymore. The version
|
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
We have recently migrated to the CSRF 4.1.3 from older version 3.1.0 , After having this implemented , we have started facing error specifically on Edge browser over IE-11 Mode.
We are using apache server beneath weblogic server, we are not able to figure out the real root cause, but reverting back CSRF guard to older version 3.1.0 fixed this.
Important Note - It is happening through Third party application interaction with our application and third party application is using IFRAME, We only have this issue in the EDGE in IE-11 mode , but working on all other browsers. Moreover, On first request everything looks fine and our application page loads in IFRAME, But on second request , the cookie which browser sent does not match the server session ID as cookie sent by browser on second request is different from the initial one, which results in invalid session error. Nevertheless, Reverting back to older CSRF Guard fix everything.
Few questions striking my mind here are -
Does CSRF guard 4.1.3 have a support for IE-11 or EDGE in IE-11 Mode ?
Is there any property to handle this in CSRF guard ?
Is this happening due to apache server configuration ?. which should not be the case because older version is working fine on same apache.
Any other possibility or suggestion?
We love to hear back on this and will definitely appreciate any kind of help or suggestions.
Beta Was this translation helpful? Give feedback.
All reactions